Real vulnerability disclosures from top bug bounty hunters. Filter by type and severity.
53 writeups
A Open Redirect vulnerability was identified within an OAuth authorization flow endpoint. The vulnerability occurs because the callback_url (or equivalent redirect parameter) is validated using an insecure string prefix match instead of exact parsing.
A critical Reflected Cross-Site Scripting (XSS) vulnerability was discovered in a captive WiFi portal, allowing an unauthenticated attacker to steal the credentials of any user connecting via a malicious URL.
HackerOne disclosed report --> https://hackerone.com/reports/3020021 by adilnbabras
HackerOne disclosed report --> https://hackerone.com/reports/3325582 by adilnbabras
HackerOne disclosed report --> https://hackerone.com/reports/881118 by avielt
HackerOne disclosed report --> https://hackerone.com/reports/3355766 by resurrect20
HackerOne disclosed report --> https://hackerone.com/reports/3634400 by tipsen
HackerOne disclosed report --> https://hackerone.com/reports/3634571 by tipsen
A base64-encoded query parameter on a login/terms acceptance page was decoded and used directly in window.location.href with only protocol validation — no domain check. The writeup covers tracing the vulnerable code in the Angular bundle, crafting the payload, and why the legitimate branding makes this particularly effective for phishing.
A hardcoded backend URL found in a JavaScript bundle exposed an unauthenticated API endpoint that returned 500+ records containing employee full names, enterprise client details, and internal database IDs. The writeup walks through discovering the URL in the JS bundle, querying the API, and the GDPR/business intelligence impact.
How a simple payload and a shift in mindset exposed a vulnerability hidden in a complex invite and notification system.
HackerOne disclosed report --> https://hackerone.com/reports/3558277 by uv3doble